1. Technical Field
The present subject matter relates to detecting in-progress execution of malicious programs in microprocessor-based system. In some cases execution of the malicious program may be stopped and the user notified by visual and/or audible notification that an attack has been detected.
2. Background
Many microprocessor-based consumer electronic devices are designed with two levels of privilege: one for the operating system (O/S); and the other for user software applications. In some microprocessor-based systems the two privilege levels do not provide adequate security, mainly due to the fact that effective implementation of the operating system privilege level (sometimes referred to as protected mode) relies on proper operation of the O/S software. Such reliance on the proper operation of the O/S software can leave a system potentially vulnerable to malicious programs such as computer viruses.
Some microprocessor-based systems have addressed this issue by implementing a third “secure” level of operation, implemented in hardware. This security hardware can block software access to at least some hardware components (e.g., memory, memory management units, and cache registers). The security hardware may monitor the system for security violations and reset the entire system if any such violations are detected. However, causing a reset of the system itself can be an attack, and if the reset of the system is frequent, the system may be unusable. An attack such as this is what is sometimes referred to as a “denial of service” (DoS) attack.
Accordingly, a system capable of detecting and stopping an attack without resorting to such extreme measures as resetting the system is desirable.